Sarah Boyce
d637e251b4
[5.2.x] Added security guideline on reasonable size limitations when rendering content via the DTL.
This also removes the need to add warnings for every Django template filter.
Backport of 582ba18d56167587e290545f113d3956e73a5801 from main.
2025-02-24 08:54:44 +01:00
Sarah Boyce
92d5b2f389
[5.2.x] Fixed #36182 -- Returned "?" if all parameters are removed in querystring template tag.
Thank you to David Feeley for the report and Natalia Bidart for the review.
Backport of 05002c153c5018e4429a326a6699c7c45e5ea957 from main.
2025-02-13 15:50:53 +01:00
ssanger
df6013b2b4
Added missing alt attribute to <img> tag in docs.
2024-10-22 14:18:20 +02:00
Sarah Boyce
320dd27412
Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
2024-09-03 09:22:32 -03:00
Matthew Somerville
fb7be022cb
Updated example links in urlize docs.
goo.gl links are being removed in 2025:
https://developers.googleblog.com/en/google-url-shortener-links-will-no-longer-be-available/
2024-07-23 14:02:30 +02:00
nessita
cf03aa4e94
Refs #10941 -- Reorganized querystring template tag docs.
2024-07-22 10:31:54 -03:00
Sarah Boyce
27043bde5b
Refs #10941 -- Renamed query_string template tag to querystring.
2024-07-15 13:28:55 -03:00
Natalia
05cce083ad
Removed versionadded/changed annotations for 5.0.
This also removes remaining versionadded/changed annotations for older
versions.
2024-05-22 15:44:07 -03:00
canhuynh1998
a7baa874d8
Fixed #35280 -- Improved iriencode filter example in docs.
2024-03-10 14:54:38 +01:00
Emmanuel Katchy
12ffcfc350
Updated "Dive Into Python" links.
2024-01-20 19:43:55 +01:00
Mariusz Felisiak
0be6dde817
Corrected code-block directives in docs.
2023-12-28 19:52:15 +01:00
Tom Carrick
e67d3580ed
Fixed #10941 -- Added {% query_string %} template tag.
2023-10-26 09:57:21 +02:00
Natalia
17b51094d7
Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text.Truncator when truncating HTML text.
Thanks Wenchao Li of Alibaba Group for the report.
2023-10-04 09:22:26 -03:00
Mariusz Felisiak
14ef92fa9e
Refs #33864 -- Removed length_is template filter per deprecation timeline.
2023-09-18 22:12:40 +02:00
Mariusz Felisiak
295467c04a
Removed versionadded/changed annotations for 4.2.
This also removes remaining versionadded/changed annotations for older
versions.
2023-09-18 22:12:40 +02:00
Jon Ribbens
adfb3dfa89
Fixed #33405, Refs #7177 -- Clarified docs for filter escapejs regarding safe and unsafe usages.
2023-07-03 12:32:58 +02:00
Akash Kumar Sen
b0a6cc7f57
Fixed #34600 -- Removed references to bleach in docs.
2023-05-31 09:52:38 +01:00
Natalia
881cc139e2
Refs #34574, Refs #34577 -- Mentioned escapeseq filter in escape/autoescape docs.
2023-05-26 06:26:38 +02:00
Natalia
1a59a324ce
Fixed #34574 -- Noted unexpected outcomes in autoescape/escape docs.
2023-05-26 06:21:46 +02:00
Arthur Moreira
061a8a1bd8
Fixed #34577 -- Added escapeseq template filter.
2023-05-22 09:58:03 +02:00
Pan Dango
12ec80726f
Corrected code-block directive in docs/ref/templates/builtins.txt.
2023-05-07 14:51:27 +02:00
Jannis Vajen
024954aad4
Corrected code-block directives in docs.
2023-05-04 14:10:11 +02:00
django-bot
14459f80ee
Fixed #34140 -- Reformatted code blocks in docs with blacken-docs.
2023-03-01 13:03:56 +01:00
Joseph Victor Zammit
ba755ca131
Refs #34140 -- Corrected rst code-block and various formatting issues in docs.
2023-02-28 12:21:37 +01:00
Carlton Gibson
534ac48297
Refs #34140 -- Applied rst code-block to non-Python examples.
Thanks to J.V. Zammit, Paolo Melchiorre, and Mariusz Felisiak for
reviews.
2023-02-10 19:19:13 +01:00
Mariusz Felisiak
8d98f99a4a
Refs #32873 -- Removed settings.USE_L10N per deprecation timeline.
2023-01-17 11:49:15 +01:00
Mariusz Felisiak
490cccbe7e
Removed versionadded/changed annotations for 4.1.
2023-01-17 11:49:15 +01:00
Jarosław Wygoda
32940d390a
Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.
2023-01-12 09:58:36 +01:00
Nick Pope
4d4bf55e0e
Fixed #33864 -- Deprecated length_is template filter.
2022-07-23 12:36:21 +02:00
Carlton Gibson
ca1c3151c3
Removed versionadded/changed annotations for 4.0.
2022-05-17 14:22:06 +02:00
David Smith
67b5f506a6
Changed some words to use inline markup.
2022-03-10 10:18:31 +01:00
Andrey Otto
f70a875cc0
Fixed #33530 -- Fixed typo in docs/ref/templates/builtins.txt.
2022-02-21 06:13:36 +01:00
Markus Holtermann
394517f078
Fixed CVE-2022-22818 -- Fixed possible XSS via {% debug %} template tag.
Thanks Keryn Knight for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-02-01 07:40:51 +01:00
Claude Paroz
7c4f396509
Stopped including type="text/css" attributes for CSS link tags.
2022-01-22 16:38:14 +01:00
Florian Apolloner
761f449e0d
Fixed CVE-2021-45116 -- Fixed potential information disclosure in dictsort template filter.
Thanks to Dennis Brinkrolf for the report.
Co-authored-by: Adam Johnson <me@adamj.eu>
2022-01-04 10:03:56 +01:00
Baptiste Mispelon
e6e664a711
Fixed #33302 -- Made element_id optional argument for json_script template filter.
Added versionchanged note in documentation
2021-11-22 11:52:19 +01:00
Mariusz Felisiak
97237ad3fe
Removed versionadded/changed annotations for 3.2.
2021-09-20 21:23:01 +02:00
Mariusz Felisiak
4a43335d30
Fixed #30086, Refs #32873 -- Made floatformat template filter independent of USE_L10N.
2021-09-08 08:37:27 +02:00
Muhammad Hammad
f1d2d2679b
Fixed #33067 -- Improved templatetag docs.
2021-09-03 20:08:01 +02:00
David Smith
8208381ba6
Refs #32956 -- Corrected spelling of daylight saving time.
AP Stylebook: Saving not savings, no hyphen, and lowercase.
2021-08-06 13:00:24 +02:00
Nick Pope
c156e36955
Refs #32720 -- Updated various links in docs to avoid redirects and use HTTPS.
2021-05-17 09:46:09 +02:00
Nick Pope
34363a391b
Fixed #32735 -- Made DateFormat.Y() return a zero-padded year.
2021-05-12 08:17:06 +02:00
Mariusz Felisiak
e7208f13c0
Refs #25236 -- Removed {% ifequal %} and {% ifnotequal %} template tags per deprecation timeline.
2021-01-14 17:50:04 +01:00
Mariusz Felisiak
b7dd89ed53
Removed versionadded/changed annotations for 3.1.
2021-01-14 17:50:04 +01:00
Roland Geider
3363cf4225
Fixed typo in docs/ref/templates/builtins.txt.
2021-01-04 07:34:53 +01:00
Sam
895f6e4992
Fixed #32149 -- Added support for years < 1000 to DateFormat.y().
2020-11-12 12:43:06 +01:00
Nikita Sobolev
42f3fafdfa
Updated {% static %} tag examples in docs to use single quotes where appropriate.
2020-11-02 10:34:24 +01:00
Jacob Walls
ac6c426007
Fixed #20601 -- Allowed forcing format with thousand separators in floatformat filter.
Thanks Claude Paroz and Nick Pope for reviews.
2020-10-13 10:36:46 +02:00
Adam Johnson
2afa61e7d9
Refs #31493 -- Replaced var with const/let in documentation JS.
2020-06-24 12:20:57 +02:00
Jon Dufresne
72a170b4c3
Fixed #25236 -- Deprecated {% ifequal %} and {% ifnotequal %} template tags.
The {% if %} tag provides all features of these tags.
Since Django 1.2 (May 17, 2010), the docs have hinted that
{% ifequal %} and {% ifnotequal %} will be deprecated in a future
Django version. Time to make it official.
2020-05-11 09:07:33 +02:00